It's possible to spoof authentication data lockally for suid CGI application.
vulners.com/securityvulns/securityvulns:doc:5111